Written by: Mankun Blockchain Legal Services
Last week, Mankun Law Firm invited lawyer Belle from Australia (Partner at AHD Lawyers | Co-founder of Unizon) to share in detail about the Tornado Cash case, discussing the positioning of smart contracts from the perspective of U.S. legal regulation—whether they can be defined as property.
During the Q&A session, a friend asked: Are there opportunities for participation in the field of smart contracts under the current legal regulatory environment? This made lawyer Mankun think of another question, which is often consulted by Web3 job seekers: As a developer of a Web3 project, do I need to bear legal responsibility? If so, what kind of legal responsibilities do I have to bear?
It should be noted that any Web3 project involving cryptocurrencies, whether a public chain, a social game, or purely financial, necessarily involves smart contracts. Therefore, smart contract developers are one of the most in-demand and highly paid positions in the Web3 industry.
Following the topic of this afternoon's Mankun tea gathering, lawyer Mankun will talk about some legal responsibilities that smart contract developers need to pay attention to.
Can smart contracts involving cryptocurrencies be developed?
As Belle mentioned, the current regulation on technology itself is not clear. Therefore, whether something can be done depends more on whether it can involve cryptocurrencies, rather than on the smart contract itself.
Currently, in some cryptocurrency-friendly countries like the United States and Singapore, the development of smart contracts involving cryptocurrencies is less likely to involve legal issues, as regulatory bodies focus more on the use of smart contracts. For example, in the United States, if a smart contract involves token issuance, developers need to ensure that their tokens are not classified as 'securities'; otherwise, they must comply with U.S. securities laws. At the same time, if the smart contract is used for illegal activities such as money laundering, developers may face joint liability.
On the contrary, in countries with strong regulations represented by China, the issues are clearer. For example, according to relevant documents such as the Notice on Preventing and Handling Risks of Virtual Currency Trading Speculation issued in China, all commercial activities involving cryptocurrencies are explicitly prohibited. Although smart contracts are not explicitly banned, if they involve the issuance, trading, or payment of virtual currencies, the project may touch legal red lines, and developers may need to bear legal responsibilities. Additionally, even if developers are located overseas, if the smart contract is directly or indirectly open to Chinese users, it may be deemed illegal financial activity, and similarly, developers may face legal accountability. Such a compliance environment places higher demands on developers, requiring them not only to ensure that the contract functions are completely separated from virtual currencies but also to actively block potential Chinese users to avoid legal repercussions.
If smart contracts are misused, will developers be held accountable?
Many smart contract developers often ask, 'If the smart contract I wrote is used for illegal activities, do I need to bear legal responsibility?' The U.S. Treasury's sanctions on Tornado Cash in 2022 have undoubtedly caused more concerns for many smart contract developers. However, the reversal of the Tornado Cash incident provides a 'standard answer' to this question—smart contracts are not controlled by a single person or team, cannot be modified, and thus do not have property attributes and cannot be sanctioned.
However, lawyer Mankun had previously written an article (Web3 Lawyer: Tornado Cash Wins the Case, Does Technological Neutrality Mean Innocence?) analyzing the conditions for this victory and the perspective of regulation in China.
In fact, the reason the U.S. Treasury sanctioned Tornado Cash was due to the technology's application scenario—smart contracts being widely used for money laundering activities, leading to the belief that developers need to bear legal responsibility for assisting in money laundering. Similarly, in China, judicial bodies tend to analyze the potential harm to public interest or social order from the use and social impact of technical tools. This indicates that even if the developer's original intention is neutral, the actual use of smart contracts may still lead developers into legal dilemmas.
In addition, whether the developer's behavior exceeds the simple 'technical provision' scope will also affect their legal responsibilities. If a developer not only writes code but also assists the operator in designing high-risk functions, or provides technical support while knowing the risks, the law may determine that the developer 'participated in illegal activities,' and thus hold them accountable.
Who pays for the technical errors when smart contracts have vulnerabilities?
'Code is law' is a significant characteristic of the smart contract field, but the reality is that code is not perfect, and vulnerabilities and errors are unavoidable. Any logical error or security vulnerability can lead to loss of user assets, system crashes, or even large-scale legal disputes. According to data from Crowdfundinsider, Web3 security incidents caused losses exceeding $85 million in November 2024, one of the main reasons being smart contract vulnerabilities.
This often places smart contract developers in a tricky situation: If a smart contract has vulnerabilities, do developers need to bear responsibility? The answer is not simple.
The responsibility of smart contract developers requires attention to the following two points:
Role positioning. If a smart contract developer is a core member of a Web3 project, especially in high-risk projects like DeFi or stablecoins, and has directly participated in the design, deployment, or operation of the smart contract, then the economic losses caused by vulnerabilities often need to be borne by the core developers. However, if it is an outsourcing or collaboration relationship, it is essential to clarify the boundaries of responsibility.
Nature of vulnerabilities. The law typically distinguishes between 'force majeure vulnerabilities' and 'avoidable vulnerabilities.' The former is caused by technical limitations or unforeseen reasons, such as the emergence of entirely new attack methods, and in such cases, developers usually do not bear direct responsibility. However, if the vulnerability arises from insufficient code review or design flaws, developers may be deemed to have failed to exercise due diligence, especially if industry-standard code auditing tools were not used or sufficient testing was not conducted.
Lawyer Mankun's suggestions
In the development process of smart contracts, legal risks run throughout, from project initiation to online operation, every link needs to be treated cautiously by developers. If 'code is law' is a philosophy, then 'compliance is responsibility' is a mandatory course for developers in reality. Whether they are outsourced developers, freelancers, or core team members, developers need to clarify their roles and responsibilities at each stage to ensure that they do not cross legal boundaries while innovating.
Therefore, lawyer Mankun specifically advises:
1. Before project initiation, clarify roles and legal responsibilities
Especially for outsourced or freelance developers, it is essential to clearly define the scope of work, such as providing only technical support and not participating in subsequent operations, to avoid accountability risks caused by ambiguous responsibilities. Core developers need to evaluate legal risks, clearly define loss-sharing and compensation responsibilities in contracts. At the same time, smart contract developers should thoroughly investigate the project background, understand the legal environment of its use and target market, and be particularly cautious with high-risk projects involving cryptocurrencies or potential criminal uses to avoid participation.
2. During the development phase, follow best practices.
It is recommended to conduct thorough code testing, introduce third-party audits, and clearly state the functional scope and risk warnings in the documentation. At the same time, smart contract developers must remember the principle of technical neutrality and try to avoid embedding sensitive functions that may be abused. If the function itself poses a high risk, it is necessary to assess in advance its potential impact on social order and public interest to avoid later legal accountability.
3. After going live, enhance dynamic compliance.
Smart contract developers need to establish real-time monitoring mechanisms, regularly review the operational status of contracts, and develop emergency response plans to address security incidents and vulnerabilities. Additionally, every upgrade of the contract should undergo a strict compliance assessment to ensure that technological changes comply with local laws. Furthermore, developers should set user geographic filtering rules, such as using technical means like IP restrictions, to avoid opening functions to users in specific regions (such as China), thus mitigating legal risks and potential accountability from the outset.
Lawyer Mankun firmly believes that as an important cornerstone of Web3 technology, the future of smart contracts not only relates to the advancement of technology itself but also profoundly influences the standardized development of the entire digital economy. Although the current global regulatory focus is still on virtual currencies, as the regulation involving cryptocurrencies gradually improves, smart contracts will undoubtedly become the core topic of the next round of regulation. Finding a balance between technology and law has become an urgent issue for lawmakers and industry participants in various countries. Establishing the legal attributes and regulatory framework for smart contracts is not only a protection for developers but also maximizes support for technological sustainability and social value. Only under the joint promotion of compliance and innovation can smart contracts truly become an important cornerstone for building the next-generation internet, helping the industry move towards a broader future.